You’re safe with StepStone

With us you can be sure that your data is in safe hands. At StepStone we make it a point to take good care of personal data, so you can rest assured that your data is safe with us.

When we receive data from a customer or user, we have the responsibility to treat it carefully. We have always taken this responsibility seriously — data is in our DNA. We of course process personal data in accordance with the regulations of the General Data Protection Regulation.

On this page you can see how we safeguard your data and what we do in support of data security. You can also read our frequently asked questions and answers to what this means for your company.

FAQ

No, a data processing agreement is not necessary. When you use our products, you/your company and StepStone will both be independent data controllers. We state this in our Trade Conditions.
You will act as an independent data controller of the personal information that is copied/downloaded from the CV database. This means that you must inform the candidate that you are storing their personal data. You must also ensure that you have a legitimate reason to collect the data, what is called a “legal basis”, and that you obtain the candidate’s consent, for example. Read more in the Danish Data Protection Agency’s Guide on the Rights of Registered Individuals.
You can receive emails from candidates. If you save the candidate’s email, you must ensure that you have a legal basis and check, for example, whether you need their consent. Be aware of the requirements regarding purpose and storage limitations. Personal data should be collected for an objective purpose—not because it might be useful to have the data at a later date. You must also ensure that the data is erased or anonymised once it is no longer necessary for you to have it. Read more in the Danish Data Protection Agency’s General Information Brochure.
To access the StepStone CV database, you are required to accept our Terms and Conditions, and thereby commit to, under no circumstances, use or misuse the data in a manner which can be to the detriment of the candidate. As an independent data controller, you/your company must ensure that you comply with the legal requirements that apply for the processing of personal data.
StepStone has taken a number of security measures in order to protect the confidentiality, accessibility and integrity of personal data. You can read more about this here in our information security policy.
StepStone works determinedly in two aspects. With regard to registered individuals, we promote transparency and keep you informed on how we process your personal data. We also endeavour to make information as easily accessible and understandable for registered individuals as possible. Further, we continously update our terms and privacy policy to ensure that both are in keeping with legal requirements and guidelines. StepStone conducts clear-cut internal procures for how we uphold the rights of registered individuals, observe legal requirements and update our systems so that we can, for example, provide access to or erase personal data quickly. We also of course ensure that all deadlines—e.g. for deleting personal data—are met in accordance with current legal requirements. Lastly, we have appropriate security measures in order to protect the confidentiality, accessibility and integrity of personal data. You can read more about this here in our information security policy.

If you would like more information, you may contact Data Protection Officer Mette Egeberg by email at dpo@stepstone.dk or by phone at +45 72 45 90 56.

Please keep in mind that we at StepStone are not legal experts, so our answers are based on our own knowledge and interpretations. If you are in need of specific or binding answers, we recommend that you contact a legal advisor.